Atlassian Bamboo remote code execution exploit that leverages the Java deserialization vulnerability noted in CVE-2015-6576.
>> CATEGORY: exploit
Traffic CMS version 1.4.x suffers from a local file inclusion vulnerability.
This Metasploit module exploits a SQL injection vulnerability found in Joomla versions 3.2 up to 3.4.4. The vulnerability exists in the Content History administrator component in the core of Joomla….
ZTE ADSL ZXV10 W300 modems suffer from insufficient authorization controls, information disclosure, and a backdoor account feature.
SHAREit WebShare version 2.3.80 suffers from a cross-site request forgery vulnerability.
Chkrootkit before 0.50 will run any executable file named /tmp/update as root, allowing a trivial privesc. WfsDelay is set to 24h, since this is how often a chkrootkit scan is…
Cambium ePMP 1000 suffers from remote OS command injection and privilege escalation vulnerabilities.
There is an integer overflow issue in sanity checking section lengths when parsing the vcdiff format (used in SDCH content encoding). This results in the parser parsing outside of sane…
SuperScan version 4.1 suffers from multiple buffer overflow vulnerabilities. Three exploits included.
Netwin SurgeFTP server version 23d6 suffers from multiple stored cross-site scripting vulnerabilities.